On 19/02/11 11:30, Denis A. Altoé Falqueto wrote:

Two new command line options were added:

-n, --sign: forces the generation of a signature for
the resulting package, even if not configured in makepkg.conf.
The command line has precedence over the option in
makepkg.conf. So, even if makepkg.conf has !sign in
BUILDENV, passing --sign to makepkg will make it
sign the package.


I think we should have a --nosign option to which would negate 'sign' in
makepkg.conf. See the --check/--nocheck pair to see how that is achieved.



--signwithkey<key>: there is a possibility of another key
being used, instead of the user's default. For exemple,
pacman-keyring package could be signed by a master key,
because it needs to be trusted explicitly by the user
before the installation of that package. So, this parameter
will be used to supply an id for a key to be used to sign
the package.

Signed-off-by: Denis A. Altoé Falqueto<denisfalqueto@gmail.com>
---
scripts/makepkg.sh.in | 28 +++++++++++++++++++++++-----
1 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 8381a78..dc71ffd 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -28,7 +28,7 @@
# makepkg uses quite a few external programs during its execution. You
# need to have at least the following installed for makepkg to function:
# awk, bsdtar (libarchive), bzip2, coreutils, fakeroot, file, find (findutils),
-# gettext, grep, gzip, openssl, sed, tput (ncurses), xz
+# gettext, gpg, grep, gzip, openssl, sed, tput (ncurses), xz

# gettext initialization
export TEXTDOMAIN='pacman'
@@ -74,6 +74,8 @@ BUILDFUNC=0
CHECKFUNC=0
PKGFUNC=0
SPLITPKG=0
+SIGN=0
+SIGNKEY=""
PKGLIST=()

# Forces the pkgver of the current PKGBUILD. Used by the fakeroot call
@@ -1106,7 +1108,7 @@ create_package() {
}

create_signature() {
- if [[ $(check_buildenv sign) != "y" ]]; then
+ if [[ $(check_buildenv sign) != "y"&& $SIGN != 1 ]]; then
return
fi
local ret=0
@@ -1116,7 +1118,18 @@ create_signature() {
error "$(gettext "Cannot find the gpg binary! Is gnupg installed?")"
exit 1 # $E_MISSING_PROGRAM
fi
- gpg --detach-sign --use-agent "$filename" || ret=$?
+
+ # Check if SIGNKEY is valid.
+ local SIGNWITHKEY=""
+ if [[ "${SIGNKEY}" ]]; then
+ if ! gpg --list-key "${SIGNKEY}" 1>/dev/null 2>&1; then
+ error "$(gettext "The key ${SIGNKEY} doesn't exist.")"
+ exit 1
+ fi
+ SIGNWITHKEY="-u ${SIGNKEY}"
+ fi


I wonder if this is checked too late. I suppose with a package()
function in a PKGBUILD, we can not rebuild by using "makepkg -R" but
this still seems quite late to abort.



+ # The signature will be generated directly in ascii-friendly format
+ gpg --detach-sign --quiet --batch --use-agent ${SIGNWITHKEY} "$filename" 1>/dev/null || ret=$?


--batch is bad here. It forces the use of a gpg-agent.



if (( ! ret )); then
msg2 "$(gettext "Created signature file %s.")" "$filename.sig"
else
@@ -1614,6 +1627,9 @@ usage() {
echo "$(gettext " --pkg<list> Only build listed packages from a split package")"
echo "$(gettext " --skipinteg Do not fail when integrity checks are missing")"
echo "$(gettext " --source Generate a source-only tarball without downloaded sources")"
+ echo "$(gettext " -n, --sign Sign the resulting package with gpg")"
+ printf "$(gettext " --signwithkey<key>

+ Selects an specific key to use for signing, instead of user's default")"
echo
echo "$(gettext "These options can be passed to pacman:")"
echo
@@ -1645,11 +1661,11 @@ fi
ARGLIST=("$@")

# Parse Command Line Options.
-OPT_SHORT="AcCdefFghiLmop:rRsV"
+OPT_SHORT="AcCdefFghiLmnop:rRsV"
OPT_LONG="allsource,asroot,ignorearch,check,clean, cleancache,nodeps"
OPT_LONG+=",noextract,force,forcever:,geninteg,hel p,holdver"
OPT_LONG+=",install,log,nocolor,nobuild,nocheck,pk g:,rmdeps"
-OPT_LONG+=",repackage,skipinteg,source,syncdeps,ve rsion,config:"
+OPT_LONG+=",repackage,sign,signwithkey:,skipinteg ,source,syncdeps,version,config:"
# Pacman Options
OPT_LONG+=",noconfirm,noprogressbar"
OPT_TEMP="$(parse_options $OPT_SHORT $OPT_LONG "$@" || echo 'PARSE_OPTIONS FAILED')"
@@ -1693,6 +1709,8 @@ while true; do
-R|--repackage) REPKG=1 ;;
--skipinteg) SKIPINTEG=1 ;;
--source) SOURCEONLY=1 ;;
+ --sign) SIGN=1 ;;
+ --signwithkey) shift; SIGNKEY=$1 ;;
-s|--syncdeps) DEP_BIN=1 ;;

-h|--help) usage; exit 0 ;; # E_OK

On Sat, Feb 19, 2011 at 12:51 PM, Allan McRae <allan@archlinux.org> wrote:
>> + Â* Â* Â* if [[ "${SIGNKEY}" ]]; then
>> + Â* Â* Â* Â* Â* Â* Â* if ! gpg --list-key "${SIGNKEY}" 1>/dev/null 2>&1; then
>> + Â* Â* Â* Â* Â* Â* Â* Â* Â* Â* Â* error "$(gettext "The key ${SIGNKEY} doesn't
>> exist.")"
>> + Â* Â* Â* Â* Â* Â* Â* Â* Â* Â* Â* exit 1
>> + Â* Â* Â* Â* Â* Â* Â* fi
>> + Â* Â* Â* Â* Â* Â* Â* SIGNWITHKEY="-u ${SIGNKEY}"
>> + Â* Â* Â* fi
>
> I wonder if this is checked too late. Â*I suppose with a package() function
> in a PKGBUILD, we can not rebuild by using "makepkg -R" but this still seems
> quite late to abort.

I've changed that test to happen just after check_sanity. Of course,
the signature is only tested if there is need to sign.

The new patch will go in a second.

--
A: Because it obfuscates the reading.
Q: Why is top posting so bad?

-------------------------------------------
Denis A. Altoe Falqueto
Linux user #524555
-------------------------------------------

N������^���a��&jw^��.� Ǭj�!�)��ޖ�^��h�X���r�z ��b���^N�W��u�����yÇ¢ï¿ ½ï¿½ï¿½ï¿½z�%u�b����v×�w�9��